npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

browser-tls-fetch

v0.0.6

Published

fetch-compatible HTTP client with TLS fingerprinting

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

dan1vedan1ve

Keywords

fetchtlsfingerprintcloudflarescrapingbot-detectionhttp-clientproxy

Readme

browser-tls-fetch

A fetch-like HTTP client for Node.js that perfectly mimics how real browsers make requests. Works against Cloudflare, Akamai, and other bot detection systems out of the box.

import { fetch } from 'browser-tls-fetch';

// Uses a Chrome 133 TLS fingerprint by default
const response = await fetch('https://example.com');
console.log(await response.text());
import { TlsClient } from 'browser-tls-fetch';

// Use a specific browser profile with a proxy
const client = new TlsClient({
  profile: 'firefox_135',
  proxy: 'http://user:pass@host:8080',
});

// Text responses (HTML, JSON, etc.)
const page = await client.fetch('https://example.com');
const html = await page.text();

// JSON with auto-serialized request body
const api = await client.post('https://api.example.com', {
  body: { key: 'value' }, // objects are auto-serialized to JSON
});
const data = await api.json();

// Binary responses (images, PDFs, etc.)
const img = await client.fetch('https://example.com/image.png');
const buffer = await img.arrayBuffer();

Install

npm install browser-tls-fetch

Platform-specific binaries are installed automatically via optional dependencies. Supported platforms:

| OS | Arch | |---|---| | macOS | arm64, x64 | | Linux | arm64, x64 | | Windows | x64 |

How it works

browser-tls-fetch completely bypasses Node.js's built-in HTTP and TLS stack. Instead, it uses precompiled tls-client binaries loaded via koffi FFI. This means the TLS handshake, HTTP/2 negotiation, and header ordering all match a real browser rather than exposing Node.js-specific patterns that bot detection systems flag.

Client options

Create a TlsClient for more control:

import { TlsClient } from 'browser-tls-fetch';

const client = new TlsClient({
  profile: 'firefox_135',
  proxy: 'http://user:pass@host:8080',
  timeout: 10_000,
  followRedirects: false,
  insecureSkipVerify: false,
  forceHttp1: false,
});

const page = await client.fetch('https://example.com');
const html = await page.text();

Methods

| Method | Description | |---|---| | fetch(url, init?) | Fetch a response (text, JSON, binary — anything) | | get(url, init?) | Shortcut for fetch with GET | | post(url, init?) | Shortcut for fetch with POST |

TlsClientOptions

| Option | Type | Default | Description | |---|---|---|---| | profile | TlsProfile | 'chrome_133' | Browser TLS fingerprint to use | | proxy | string | — | Proxy URL (http://, socks5://) | | timeout | number | 30000 | Request timeout in ms | | followRedirects | boolean | true | Follow HTTP redirects | | insecureSkipVerify | boolean | false | Skip TLS certificate verification | | forceHttp1 | boolean | false | Force HTTP/1.1 | | headerOrder | string[] | — | Custom header order for TLS fingerprint |

BrowserTlsRequestInit

| Option | Type | Default | Description | |---|---|---|---| | method | string | 'GET' | HTTP method | | headers | Record<string, string> | [string, string][] | — | Request headers | | body | string | Record<string, unknown> | null | — | Request body (objects auto-serialized to JSON) | | redirect | 'follow' | 'manual' | 'follow' | Redirect behavior | | timeout | number | — | Per-request timeout override |

BrowserTlsResponse

The response object has methods similar to the standard Response API:

| Method | Description | |---|---| | text(encoding?) | Returns the body as a string. Defaults to utf-8, but you can pass any BufferEncoding (e.g. 'latin1', 'ascii'). | | json<T>() | Parses the body as JSON | | arrayBuffer() | Returns the body as an ArrayBuffer | | bytes() | Returns the body as a Uint8Array | | blob() | Returns the body as a Blob |

| Property | Type | Description | |---|---|---| | status | number | HTTP status code | | statusText | string | HTTP status text | | ok | boolean | true if status is 200–299 | | headers | BrowserTlsHeaders | Response headers | | url | string | Final URL (after redirects) | | bodyUsed | boolean | Whether the body has been consumed |

Profiles

Chrome, Firefox, Safari, Opera, and various mobile app profiles are supported. See the full list in src/types/profiles.ts. Some examples:

  • chrome_133, chrome_144, chrome_146
  • firefox_135, firefox_147
  • safari_ios_18_5, safari_ios_26_0
  • okhttp4_android_13

Custom library path

If you need to provide your own tls-client binary:

export BROWSER_TLS_FETCH_LIB_PATH=/path/to/tls-client.dylib

Disclaimer

This library is provided for legitimate purposes such as testing, research, and accessing your own services. Any use that violates the terms of service of third-party websites or applicable laws is strictly prohibited. Users are solely responsible for how they use this software — the authors assume no liability for misuse.

License

This project is licensed under a revenue-threshold license — free for individuals and organizations with annual revenue under $3M USD. See LICENSE for details.

This software includes compiled binaries from tls-client (BSD 4-Clause License, Copyright Bogdan Finn).